The Cloud Outsourcing, Disaster Recovery, and Security Bundle includes in editable Microsoft WORD and PDF formats:
- How to Guide for Cloud Processing and Outsourcing includes job descriptions for Manager Cloud applications, Cloud Computing Architect, sample contract, service level agreement, ISO 27001 - 27002 - 27031 security audit checklist, Business and IT Impact Questionnaire and much more.
- Disaster Recovery Plan (DRP) can be used in whole or in part to establish defined responsibilities, actions and procedures to recover the computer, communication and network environment in the event of an unexpected and unscheduled interruption. The template is IS0 27000 (27031) Series, COBIT, Sarbanes Oxley, PCI-DSS, and HIPAA compliant.
- Security Manual Template - (ISO CobiT SOX HIPAA Compliant) includes the Business Impact questionnaire and a Threat and Vulnerability Assessment Form (PDF and Excel). It is a complete Security Manual and can be used in whole or in part to comply with Sarbanes Oxley, define responsibilities, actions and procedures to manage the security of your computer, communication, Internet and network environment.
The CEO of Janco, M. Victor Janulaitis said, “IT managers have eagerly implemented cloud applications to reap its many benefits including lower hardware, infrastructure, and energy costs. Now the focus is on having DR/BC Plans that utilize cloud processing as a top priority.” He added, “The recent storms in Texas have shown many CIOs that DR/BC at a time when working from home is the norm, processing plans need to be more resilient. With the 2021 editions of our Cloud, DR/BC, and Security Templates we have addressed those needs directly.”
These core documents are delivered electronically along with specific infrastructure procedures, job descriptions and electronic forms. In addition, there are over 200 pages of additional supporting materials that can be used by companies to update their existing DR/BC plans and Security protocols. Being modular in nature, Janco’s full bundle does not need to be implemented. Rather components of the How to Cloud Guide, DR/BC, and Security Templates can be extracted and added to existing infrastructure and plans.
The 2021 Edition has detail DR/BC activation procedures and implementation work plans. The bundle of three templates provides clear examples of how to get something done quickly and efficiently given the needs of today’s complex operating environments. Any sized organization can benefit from this tool. It is comprehensive and the processes created are concise and easily implemented. There are checklists and examples of what is needed to get systems and networks working quickly.
Table of Contents
How to Guide for Cloud Processing and Outsourcing
How to Guide for Cloud Processing and Outsourcing
- License for This Document
- Limitations.
- Cloud and Outsourcing Management Standard
- Service Level Agreements (SLA)
- Problem Responsibility
- Cloud Processing and Outsourcing Policy Standard
- ISO 31000 Compliance - Risk Management
- GDPR Data Privacy Mandate
- Cloud Processing and Outsourcing Approval Standard
- Steps to implement Software as a Service (SaaS) via the Cloud.
- Cloud Outsource Service Provider Level Agreements and Metrics.
- SLA and Metrics Reporting
- Finding and Selecting a Cloud Outsource Vendor
- Outline for RFP and Negotiation of Contract Terms
Appendix
- Base Case Development
- Sample Service Level Agreement
- Sample Metrics for Service Level Agreements
- Business and IT Impact Analysis Questionnaire
- ISO - Security Process Audit Checklist
- Security Policy Management Objectives
- Corporate Security Management Objectives
- Organizational Asset Management Objectives
- Human Resource Security Management Objectives
- Physical and Environmental Security Management Objectives
- Communications and Operations Management Objectives
- Information Access Control Management Objectives
- Systems Development and Maintenance Objectives
- Information Security Incident Management Objectives
- DRP and Business Continuity Management Objectives.
- Compliance Management Objectives.
- Control and Security Objectives
- Cloud/Outsourcing Security Checklist Looking Ahead
- Detail Job Descriptions
- Director Disaster Recovery and Business Continuity
- Disaster Recovery Coordinator
- Manager of Cloud Applications
- Manager WFH Support
- Cloud Computing Architect
- Digital Brand Manager
- Capacity Planning Supervisor
- Cloud and Outsourcing Forms
- Application & File Server inventory
- Company Asset Employee Control Log
- Non-Disclosure Agreement
- Outsourcing Security Compliance Agreement Form
- Outsourcing and Cloud Security Compliance Agreement Form
- Work From Home Contact Information
- Work From Home IT Checklist
What’s new
Disaster Recovery Plan (DRP)
1. Plan Introduction
1.1 Recovery Life Cycle - After a "Major Event"
1.2 Mission and Objectives
Compliance
Iso Compliance Process
Iso 27031 Overview
Iso 22301
Iso 28000
1.3 Disaster Recovery/Business Continuity Scope
1.4 Authorization
1.5 Responsibility
1.6 Key Plan Assumptions
1.7 Disaster Definition
1.8 Metrics
1.9 Disaster Recovery/Business Continuity and Security Basics
2. Business Impact Analysis
2.1 Scope
2.2 Objectives
2.3 Analyze Threats
2.4 Critical Time Frame
2.5 Application System Impact Statements
2.6 Information Reporting
2.7 Best Data Practices
2.8 Summary
3. Backup Strategy
3.1 Site Strategy
3.2 Backup Best Practices
3.3 Data Capture and Backups
3.4 Communication Strategy
3.5 Enterprise Data Center Systems - Strategy
3.6 Departmental File Servers - Strategy
3.7 Wireless Network File Servers - Strategy
3.8 Data at Outsourced Sites (Including ISP’s) - Strategy
3.9 Branch Offices (Remote Offices & Retail Locations) - Strategy
3.10 Desktop Workstations (In Office) - Strategy
3.11 Desktop Workstations (Off-Site Including At-Home Users) - Strategy
3.12 Laptops - Strategy
3.13 PDA’s and Smartphones - Strategy
3.14 Byods - Strategy
3.15 IoT Devices - Strategy
4. Recovery Strategy
4.1 Approach
4.2 Escalation Plans
4.3 Decision Points
5. Disaster Recovery Organization
5.1 Recovery Team Organization Chart
5.2 Disaster Recovery Team
5.3 Recovery Team Responsibilities
5.3.1 Recovery Management
5.3.2 Damage Assessment and Salvage Team
5.3.3 Physical Security
5.3.4 Administration
5.3.5 Hardware Installation
5.3.6 Systems, Applications, and Network Software
5.3.7 Communications
5.3.8 Operations
6. Disaster Recovery Emergency Procedures
6.1 General
6.2 Recovery Management
6.3 Damage Assessment and Salvage
6.4 Physical Security
6.5 Administration
6.6 Hardware Installation
6.7 Systems, Applications & Network Software
6.8 Communications
6.9 Operations
7. Plan Administration
7.1 Disaster Recovery Manager
7.2 Distribution of the Disaster Recovery Plan
7.3 Maintenance of the Business Impact Analysis
7.4 Training of the Disaster Recovery Team
7.5 Testing of the Disaster Recovery Plan
7.6 Evaluation of the Disaster Recovery Plan Tests
7.7 Maintenance of the Disaster Recovery Plan
8. Appendix A - Listing of Attached Materials
8.1 Disaster Recovery Business Continuity - Electronic Forms
- Site Evaluation Checklist
- Lan Node Inventory
- Location Contact Numbers
- Off-Site Inventory
- Pandemic Planning Checklist
- Personnel Location
- Plan Distribution
- Remote Location Contact Information
- Server Registration
- Team Call List
- Vendor Contact List
- Vendor/Partner Questionnaire
- Work from Home Contact Information
8.2 Safety Program Forms - Electronic Forms
- Area Safety Inspection
- Employee Job Hazard Analysis
- First Report of Injury
- Inspection Checklist - Alternative Locations
- Inspection Checklist - Computer Server Data Center
- Inspection Checklist - Office Locations
- New Employee Safety Checklist
- Safety Program Contact List
- Training Record
8.3 Business Impact Analysis - Electronic Forms.
- Application and File Server Inventory
- Business Impact Questionnaire
8.4 Job Descriptions
- Disaster Recovery Manager
- Manager Disaster Recovery and Business Continuity
- Pandemic Coordinator
8.5 Attached Infrastructure Policies
- Backup and Backup Retention Policy
- Incident Communication Plan Policy
- Physical and Virtual Server Security Policy
- Social Networking Policy
8.6 Other Attachments
- Disaster Recovery Business Continuity Audit Program
9. Appendix B - Reference Materials
9.1 Preventative Measures
9.2 Sample Application Systems Impact Statement
9.3 Key Customer Notification List
9.4 Resources Required for Business Continuity
9.5 Critical Resources to Be Retrieved
9.6 Business Continuity Off-Site Materials
9.7 Work Plan
9.8 Audit Disaster Recovery Plan Process
9.9 Departmental DRP and BCP Activation Workbook
- Quick Reference Guide
- Team Alert List.
- Team Responsibilities
- Team Leader Responsibilities/Checklist
- Critical Functions
- Normal Business Hours Response
- After Normal Business Hours Response
- Primary Location
- Alternate Location
- Team Recovery
- Notification
- Notification Procedure.
- Notification Call List.
- Project Status Report
- Planned Activities for the Period
- Accomplished Planned Activities
- Planned Activities Not Accomplished
- Unplanned Activities Performed or Identified
9.10 Web Site Disaster Recovery Planning Form
9.11 General Distribution Information
9.12 Disaster Recovery Sample Contract
9.13 Ransomware - HIPAA Guidance
9.14 Power Requirement Planning Check List
9.14 Colocation Checklist
10. Change History
Security Manual Template
1. Security - Introduction
- Scope
- Objective
- Applicability
- Best Practices
- WFH Operational Rules
- Web Site Security Flaws
- ISO 27000 Compliance Process
- Security General Policy
- Responsibilities
2. Minimum and Mandated Security Standard Requirements
- ISO Security Domains
- ISO 27000
- Gramm-Leach-Bliley (Financial Services Modernization Act of 1999.
- FTC Information Safeguards.
- Federal Information Processing Standard - FIPS 199.
- NIST SP 800-53
- Sarbanes-Oxley Act
- California SB 1386 Personal Information Privacy
- California Consumer Privacy Act - 2018
- Massachusetts 201 CMR 17.00 Data Protection Requirements
- What Google and Other 3rd Parties Know
- Internet Security Myths
3. Vulnerability Analysis and Threat Assessment
- Threat and Vulnerability Assessment Tool
- Evaluate Risk
4. Risk Analysis - IT Applications and Functions
- Objective
- Roles and Responsibilities
- Program Requirements
- Frequency
- Relationship to Effective Security Design
- Selection of Safeguards
- Requests for Waiver
- Program Basic Elements
5. Staff Member Roles
- Basic Policies
- Security - Responsibilities.
- Determining Sensitive Internet and Information Technology Systems Positions
- Personnel Practices
- Education and Training
- Contractor Personnel
6. Physical Security
- Information Processing Area Classification.
- Classification Categories
- Access Control
- Levels of Access Authority
- Access Control Requirements by Category.
- Implementation Requirements
- Protection of Supporting Utilities
7. Facility Design, Construction, and Operational Considerations
- Building Location
- External Characteristics
- Location of Information Processing Areas
- Construction Standards
- Water Damage Protection
- Air Conditioning
- Entrances and Exits.
- Interior Furnishings
- Fire
- Electrical
- Air Conditioning
- Remote Internet and Information Technology Workstations
- Lost Equipment
- Training, Drills, Maintenance, and Testing
8. Media and Documentation
- Data Storage and Media Protection
- Documentation
10. Data and Software Security
- Resources to Be Protected
- Classification
- Rights
- Access Control
- Internet/Intranet/Terminal Access/Wireless Access
- Spyware
- Wireless Security Standards
- Logging and Audit Trail Requirements
- Satisfactory Compliance.
- Violation Reporting and Follow-Up
11. Internet and Information Technology Contingency Planning
- Responsibilities
- Information Technology
- Contingency Planning
- Documentation
- Contingency Plan Activation and Recovery
- Disaster Recovery/Business Continuity and Security Basics
12. Insurance Requirements
- Objectives
- Responsibilities
- Filing a Proof of Loss
- Risk Analysis Program
- Purchased Equipment and Systems
- Leased Equipment and Systems
- Media
- Business Interruption.
- Staff Member Dishonesty
- Errors and Omissions
13. Security Information and Event Management (SIEM)
- Best Practices for SIEM
- KPI Metrics for SIEM
14. Identity Protection
- Identifying Relevant Red Flags
- Preventing and Mitigating Identity Theft
- Updating the Program
- Methods for Administering the Program
15. Ransomware - HIPAA Guidance
- Required response
16. Outsourced Services
- Responsibilities
- Outside Service Providers - Including Cloud
17. Waiver Procedures
- Purpose and Scope
- Policy
- Definition
- Responsibilities
- Procedure
18. Incident Reporting Procedure
- Purpose & Scope
- Definitions
- Responsibilities
- Procedure
- Analysis/Evaluation
19. Access Control Guidelines
- Purpose & Scope
- Objectives
- Definitions of Access Control Zones
- Responsibilities
- Badge Issuance
Appendix - A
Attached Job Descriptions
- Chief Security Officer (CSO)
- Chief Compliance Officer (CCO)
- Data Protection Officer
- Manager Security and Workstation
- Manager WFH support
- Security Architect
- System Administrator
Attached Policies
- Blog and Personal Website Policy
- Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy
- Mobile Device Policy
- Physical and Virtual File Server Security Policy
- Sensitive Information Policy - Credit Card, Social Security, Employee, and Customer Data
- Travel and Off-Site Meeting Policy
Attached Security Forms
- Application & File Server Inventory
- Blog Policy Compliance Agreement
- BYOD Access and Use Agreement
- Company Asset Employee Control Log
- Email Employee Agreement
- Employee Termination Procedures and Checklist
- FIPS 199 Assessment
- Internet Access Request Form
- Internet and Electronic Communication Employee Agreement
- Internet use Approval
- Mobile Device Access and Use Agreement
- Mobile Device Security and Compliance Checklist
- New Employee Security Acknowledgment and Release
- Outsourcing and Cloud Security Compliance Agreement
- Outsourcing Security Compliance Agreement
- Preliminary Security Audit Checklist
- Privacy Compliance Policy Acceptance Agreement
- Risk Assessment
- Security Access Application
- Security Audit Report
- Security Violation Procedures
- Sensitive Information Policy Compliance Agreement
- Server Registration
- Social networking Policy Compliance Agreement
- Telecommuting Work Agreement
- Text Messaging Sensitive Information Agreement
- Threat and Vulnerability Assessment Inventory
- Work From Home Work Agreement
Additional Attached Materials
- Business and IT Impact Questionnaire
- Threat and Vulnerability Assessment Tool
- Sarbanes-Oxley Section 404 Check List Excel Spreadsheet
Appendix - B
- Practical Tips for Prevention of Security Breaches and PCI Audit Failure
- Risk Assessment Process
- Employee Termination Process
- Security Management Compliance Checklist
- Massachusetts 201 CMR 17 Compliance Checklist
- User/Customer Sensitive Information and Privacy Bill of Rights
- General Data Protection Regulation (GDPR) - Checklist
- HIPAA Audit Program Guide
- ISO 27000 Security Process Audit Checklist
- Firewall Security Requirements
- Firewall Security Policy Checklist
- BYOD and Mobile Content Best of Breed Security Checklist
Revision History
Samples
LOADING...